Because the IDE uses this on-line content, potentially any code could be executed inside the IDE (apart from that page being loaded over HTTP, so any man-in-the-middle could abuse this, but I digress). This poses a security risk, as many developers run the IDE from accounts having more rights than the average user.
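A defensive check for the risk described above, as an added example that is not part of the original post: it lists every tag in a welcome-page HTML file that makes the embedded browser fetch content from the network, and marks plain-HTTP loads as open to tampering in transit. The sample markup and the `example.invalid` host are constructed; the real page's markup is not reproduced here.

```python
from html.parser import HTMLParser
from pathlib import Path
from urllib.parse import urlparse

# Tags whose URL attribute makes the embedded browser fetch a resource by itself.
LOADERS = {"script": "src", "iframe": "src", "frame": "src", "img": "src",
           "embed": "src", "object": "data", "link": "href"}
# http can be altered in transit; https still trusts the remote server's integrity.
RISK = {"http": "plaintext", "https": "remote"}

# Constructed sample, not the real welcome page markup.
SAMPLE = """<html><body>
<iframe src="http://example.invalid/banner.html"></iframe>
<script src="js/projects.js"></script>
<!-- <img src="http://example.invalid/ad.png"> -->
<link rel="stylesheet" href="https://example.invalid/style.css">
</body></html>"""


class RemoteLoadFinder(HTMLParser):
    """Collects (line, tag, url, risk) for each remotely loaded resource."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        url = (dict(attrs).get(LOADERS.get(tag, "")) or "").strip()
        risk = RISK.get(urlparse(url).scheme.lower())
        if risk:  # relative paths and local files have no http(s) scheme
            self.findings.append((self.getpos()[0], tag, url, risk))


def audit_html(text):
    """Return findings for one HTML document; commented-out markup is ignored."""
    finder = RemoteLoadFinder()
    finder.feed(text)
    finder.close()
    return finder.findings


def audit_folder(folder):
    """Map each .htm/.html file under folder to its findings, if it has any."""
    report = {}
    for path in sorted(Path(folder).rglob("*.htm*")):
        hits = audit_html(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report
```

Running `audit_folder` on a copy of the welcome page folder before and after commenting out a banner load shows whether any network fetch remains.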

PS: the Embarcadero forums server loses messages and threads over time, hence quite a few of the links in this article go through saved web.archive.org links. Those links are slow, but at least they are retained for much longer than on the Embarcadero server.

Even Google thought the community site could be hacked – image by myself

I’m not surprised. Neither the IT team nor the development team at Embarcadero seem very security aware. QC for instance cannot even use HTTPS to connect to the SOAP server, which means your credentials are always sent over the wire in plaintext. The SSL configurations of both their web and mail servers are vulnerable to various attacks. Some of their web sites use plain HTTP for login. The development products only check local things, but not information obtained over the network. App Tethering doesn’t use any form of connection level security (but passwords are salted and hashed). But don’t place anything DLL-like in the Delphi bin directory or tamper with anything executable there: it’s either a “quit Delphi now” or “license issue” you will get.
I understand their wish to protect against unlicensed Delphi usage, but wish they cared as much for the security of their customers (and recursive customers of their customers) as they cared about the revenue stream.

and

You have to go through their hacked infrastructure to download/install/register their products.

Until I see a statement detailing which parts of their infrastructure are safe (including grade B or better TLS), I won’t install their products.

Gordon Niessen said

I commented out the Online banner load in the default.htm page in the C:\Program Files (x86)\Embarcadero\Studio\16.0\Welcomepage folder. It shows I am offline, but I still get to see the recent and favorite projects.

Over the weekend hackers attacked the Embarcadero web site. The hack was confined to the Website CMS front end, which also serves the start page banner. The network was not accessed, and NO customer or internal data was exposed or compromised. The issue was identified and fixed.

Steven Kamradt said

and there is even a 10.1 Berlin version now available, although it appears that the Berlin welcome screen no longer has the banners on it, but is still browser based. Also the stock Berlin welcome screen still doesn’t have categories for favorites, so the Daniel Wolf welcome page is a must if you have lots of favorites that need more organization.